otf-service-api/src/main/java/org/oran/otf/api/service/impl/TestStrategyServiceImpl.java

   1 /*  Copyright (c) 2019 AT&T Intellectual Property.                             #\r
   2 #                                                                              #\r
   3 #   Licensed under the Apache License, Version 2.0 (the "License");            #\r
   4 #   you may not use this file except in compliance with the License.           #\r
   5 #   You may obtain a copy of the License at                                    #\r
   6 #                                                                              #\r
   7 #       http://www.apache.org/licenses/LICENSE-2.0                             #\r
   8 #                                                                              #\r
   9 #   Unless required by applicable law or agreed to in writing, software        #\r
  10 #   distributed under the License is distributed on an "AS IS" BASIS,          #\r
  11 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #\r
  12 #   See the License for the specific language governing permissions and        #\r
  13 #   limitations under the License.                                             #\r
  14 ##############################################################################*/\r
  15 \r
  16 \r
  17 package org.oran.otf.api.service.impl;\r
  18 \r
  19 import org.oran.otf.api.Utilities;\r
  20 import org.oran.otf.api.handler.CamundaProcessDeploymentHandler;\r
  21 import org.oran.otf.api.service.TestStrategyService;\r
  22 import org.oran.otf.common.model.TestDefinition;\r
  23 import org.oran.otf.common.model.User;\r
  24 import org.oran.otf.common.model.local.BpmnInstance;\r
  25 import org.oran.otf.common.model.local.DeployTestStrategyRequest;\r
  26 import org.oran.otf.common.model.local.OTFApiResponse;\r
  27 import org.oran.otf.common.repository.GroupRepository;\r
  28 import org.oran.otf.common.repository.TestDefinitionRepository;\r
  29 import org.oran.otf.common.repository.UserRepository;\r
  30 import org.oran.otf.common.utility.http.ResponseUtility;\r
  31 import com.fasterxml.jackson.databind.ObjectMapper;\r
  32 import io.swagger.v3.oas.annotations.Hidden;\r
  33 import java.io.IOException;\r
  34 import java.io.InputStream;\r
  35 import java.util.Base64;\r
  36 import java.util.Optional;\r
  37 import javax.ws.rs.core.MediaType;\r
  38 import javax.ws.rs.core.Response;\r
  39 import org.apache.http.HttpResponse;\r
  40 import org.apache.http.conn.HttpHostConnectException;\r
  41 import org.apache.http.util.EntityUtils;\r
  42 import org.bson.types.ObjectId;\r
  43 import org.slf4j.Logger;\r
  44 import org.slf4j.LoggerFactory;\r
  45 import org.springframework.beans.factory.annotation.Autowired;\r
  46 import org.springframework.stereotype.Service;\r
  47 \r
  48 @Service\r
  49 @Hidden\r
  50 public class TestStrategyServiceImpl implements TestStrategyService {\r
  51 \r
  52   private static final Logger logger = LoggerFactory.getLogger(TestStrategyServiceImpl.class);\r
  53 \r
  54   @Autowired private TestDefinitionRepository testDefinitionRepository;\r
  55 \r
  56   @Autowired private UserRepository userRepository;\r
  57 \r
  58   @Autowired private CamundaProcessDeploymentHandler camundaProcessDeploymentHandler;\r
  59 \r
  60   @Autowired private GroupRepository groupRepository;\r
  61 \r
  62   public Response deployTestStrategy(\r
  63       InputStream bpmn,\r
  64       InputStream compressedResources,\r
  65       String testDefinitionId,\r
  66       String testDefinitionDeployerId,\r
  67       String definitionId,\r
  68       String authorization) {\r
  69     if (bpmn == null)\r
  70       return Utilities.Http.BuildResponse.badRequestWithMessage(\r
  71           "BPMN input stream cannot be null.");\r
  72 \r
  73     // Decode the authorization header.\r
  74     byte[] decodedAuthorization = Base64.getDecoder().decode(authorization.replace("Basic ", ""));\r
  75     String credentials = new String(decodedAuthorization);\r
  76     String[] credentialsArray = credentials.split(":");\r
  77 \r
  78     /* Check if the request came from the system specified mechanized identifier. The request goes through AAF\r
  79      * authorization before reaching this code, therefore, assume the headers aren't spoofed. */\r
  80     if (!credentialsArray[0].equals(System.getenv("AAF_ID")))\r
  81       return Utilities.Http.BuildResponse.badRequestWithMessage(\r
  82           "Unauthorized to use this service.");\r
  83 \r
  84     // Map to a POJO model2.\r
  85     ObjectId _testDefinitionDeployerId = null;\r
  86     ObjectId _testDefinitionId = null;\r
  87 \r
  88     if (testDefinitionDeployerId != null && ObjectId.isValid(testDefinitionDeployerId))\r
  89       _testDefinitionDeployerId = new ObjectId(testDefinitionDeployerId);\r
  90     if (testDefinitionId != null && ObjectId.isValid(testDefinitionId))\r
  91       _testDefinitionId = new ObjectId(testDefinitionId);\r
  92 \r
  93     DeployTestStrategyRequest request =\r
  94         new DeployTestStrategyRequest(_testDefinitionDeployerId, _testDefinitionId, definitionId);\r
  95 \r
  96     //          String bpmnContents = null;\r
  97     //          try (final Reader reader = new InputStreamReader(bpmn)) {\r
  98     //                  bpmnContents = CharStreams.toString(reader);\r
  99     //                  } catch (Exception e) {\r
 100     //                  e.printStackTrace();\r
 101     //          }\r
 102 \r
 103     // Check if the request actually contains a bpmn string.\r
 104     //          try {\r
 105     //                  if (bpmnContents == null || bpmnContents.trim().length() == 0)\r
 106     //                          return Utilities.Http.BuildResponse.badRequestWithMessage("BPMN contents are null.");\r
 107     //          } catch (Exception e) {\r
 108     //                  logger.error(Utilities.getStackTrace(e));\r
 109     //          }\r
 110 \r
 111     // If a test definition id is supplied, the request intends to update an existing test\r
 112     // definition.\r
 113     if (request.getTestDefinitionId() != null) {\r
 114       // Check if the test definition exists in the database.\r
 115       Optional<TestDefinition> testDefinitionOptional =\r
 116           testDefinitionRepository.findById(request.getTestDefinitionId().toString());\r
 117 \r
 118       if (!testDefinitionOptional.isPresent())\r
 119         return Utilities.Http.BuildResponse.badRequestWithMessage(\r
 120             String.format("Test definition (%s) was not found.", request.getTestDefinitionId()));\r
 121 \r
 122       // Check if a user to update the definition was supplied.\r
 123       if (request.getTestDefinitionDeployerId() == null)\r
 124         return Utilities.Http.BuildResponse.badRequestWithMessage(\r
 125             "Must specify testDefinitionDeployerId.");\r
 126 \r
 127       // Check if the user requesting to update the definition is the user who originally created\r
 128       // the definition.\r
 129       TestDefinition testDefinition = testDefinitionOptional.get();\r
 130 \r
 131       if (!testDefinition\r
 132           .getCreatedBy()\r
 133           .toString()\r
 134           .equals(request.getTestDefinitionDeployerId().toString()))\r
 135         return Utilities.Http.BuildResponse.badRequestWithMessage(\r
 136             String.format(\r
 137                 "User (%s) is not authorized to update this test definition.",\r
 138                 request.getTestDefinitionDeployerId()));\r
 139 \r
 140       // Check if the version to deploy already exists\r
 141       for (BpmnInstance bpmnInstance : testDefinition.getBpmnInstances()) {\r
 142         if (bpmnInstance.getProcessDefinitionId().equalsIgnoreCase(request.getDefinitionId()))\r
 143           return Utilities.Http.BuildResponse.badRequestWithMessage(\r
 144               String.format(\r
 145                   "A deployment with the definitionId %s already exists.",\r
 146                   request.getDefinitionId()));\r
 147       }\r
 148     }\r
 149 \r
 150     // Make the deployment request to Camunda. Relay the response received by Camunda.\r
 151     return camundaProcessDeploymentHandler.start(bpmn, compressedResources);\r
 152   }\r
 153 \r
 154   public Response deleteByDeploymentId(String deploymentId, String authorization) {\r
 155     User user = Utilities.findUserByAuthHeader(authorization, userRepository);\r
 156     if (!isAuthorized(authorization)) {\r
 157       return Utilities.Http.BuildResponse.unauthorized();\r
 158     }\r
 159 \r
 160     String url =\r
 161         String.format(\r
 162             "%s:%s/%s/%s",\r
 163             System.getenv("otf.camunda.host"),\r
 164             System.getenv("otf.camunda.port"),\r
 165             System.getenv("otf.camunda.deploymentDeletionUri"),\r
 166             deploymentId);\r
 167 \r
 168     try {\r
 169       HttpResponse res = Utilities.Http.httpDeleteAAF(url);\r
 170       String resStr = EntityUtils.toString(res.getEntity());\r
 171       int status = res.getStatusLine().getStatusCode();\r
 172       return Response.status(status)\r
 173           .type(MediaType.APPLICATION_JSON)\r
 174           .entity(new OTFApiResponse(status, resStr))\r
 175           .build();\r
 176 \r
 177     } catch (Exception e) {\r
 178       e.printStackTrace();\r
 179       return Utilities.Http.BuildResponse.internalServerError();\r
 180     }\r
 181   }\r
 182 \r
 183   public Response deleteByTestDefinitionId(String testDefinitionId, String authorization) {\r
 184     User user = Utilities.findUserByAuthHeader(authorization, userRepository);\r
 185     if (!isAuthorized(authorization)) {\r
 186       return Utilities.Http.BuildResponse.unauthorizedWithMessage("Authorization headers not set.");\r
 187     }\r
 188 \r
 189     String url =\r
 190         String.format(\r
 191             "%s:%s/%s/%s",\r
 192             System.getenv("otf.camunda.host"),\r
 193             System.getenv("otf.camunda.port"),\r
 194             System.getenv("otf.camunda.testDefinitionDeletionUri"),\r
 195             testDefinitionId);\r
 196 \r
 197     try {\r
 198       HttpResponse res = Utilities.Http.httpDeleteAAF(url);\r
 199       String resStr = EntityUtils.toString(res.getEntity());\r
 200       int status = res.getStatusLine().getStatusCode();\r
 201       return Response.status(status)\r
 202           .type(MediaType.APPLICATION_JSON)\r
 203           .entity(new OTFApiResponse(status, resStr))\r
 204           .build();\r
 205     } catch (HttpHostConnectException e) {\r
 206       return ResponseUtility.Build.serviceUnavailableWithMessage(e.getMessage());\r
 207     } catch (Exception e) {\r
 208       e.printStackTrace();\r
 209       return Utilities.Http.BuildResponse.internalServerError();\r
 210     }\r
 211   }\r
 212 \r
 213   private boolean isAuthorized(String authorization) {\r
 214     User user = Utilities.findUserByAuthHeader(authorization, userRepository);\r
 215     return (user.getEmail().equalsIgnoreCase("email@localhost")\r
 216         || user.getEmail().equalsIgnoreCase("email@localhost"));\r
 217   }\r
 218 \r
 219   private DeployTestStrategyRequest mapToDeployTestStrategyRequest(String body) {\r
 220     ObjectMapper mapper = new ObjectMapper();\r
 221     try {\r
 222       return mapper.readValue(body, DeployTestStrategyRequest.class); // Perform the mapping\r
 223     } catch (IOException e) { // Indicates an unknown request body\r
 224       logger.error(e.getMessage());\r
 225       return null;\r
 226     }\r
 227   }\r
 228 }\r